Regenerate test CA certificates with appropriate extensions
Test certificates in test/rubygems lack the basic constraints extension.
Here is the patch against rubygems' util/create_certs.rb.
ruby util/create_certs.rb &&
cp test/rubygems/*.pem /path/to/ruby/test/rubygems/ &&
ruby util/create_encrypted_key.rb &&
cp test/rubygems/encrypted_private_key.pem /path/to/ruby/test/rubygems/
------------------------ >8 ------------------------
diff --git a/util/create_certs.rb b/util/create_certs.rb
index 4f6f9ea..313a724 100644
--- a/util/create_certs.rb
+++ b/util/create_certs.rb
@@ -4,37 +4,41 @@ require 'time'
class CertificateBuilder
- attr_reader :today
+ attr_reader :start
def initialize key_size = 2048
- today = Time.now.utc
- @today = Time.utc today.year, today.month, today.day
+ @start = Time.utc 2012, 01, 01, 00, 00, 00
@end_of_time = Time.utc 9999, 12, 31, 23, 59, 59
@end_of_time_32 = Time.utc 2038, 01, 19, 03, 14, 07
+ @key_size = key_size
@serial = 0
end
- def create_certificates(key, subject, issuer_key = key, issuer = subject,
- not_before: @today, not_after: :end_of_time)
+ def create_certificates(key, subject, issuer_key = key, issuer_cert = nil,
+ not_before: @start, not_after: :end_of_time,
+ is_ca: false)
certificates = []
not_before, not_before_32 = validity_for not_before
not_after, not_after_32 = validity_for not_after
+ issuer_cert, issuer_cert_32 = issuer_cert
certificates <<
- create_certificate(key, subject, issuer_key, issuer,
- not_before, not_after)
+ create_certificate(key, subject, issuer_key, issuer_cert,
+ not_before, not_after, is_ca)
certificates <<
- create_certificate(key, subject, issuer_key, issuer,
- not_before_32, not_after_32)
+ create_certificate(key, subject, issuer_key, issuer_cert_32,
+ not_before_32, not_after_32, is_ca)
certificates
end
- def create_certificate key, subject, issuer_key, issuer, not_before, not_after
- puts "creating cert - subject: #{subject}, issuer: #{issuer}"
+ def create_certificate(key, subject, issuer_key, issuer_cert,
+ not_before, not_after, is_ca)
cert = OpenSSL::X509::Certificate.new
+ issuer_cert ||= cert # if not specified, create self signing cert
+
cert.version = 2
cert.serial = 0
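Review bot: The new `issuer_cert` parameter of `create_certificates` is not a single certificate but the two-element array that an earlier `create_certificates` call returns, and nothing in the hunk documents that. If a caller passes one certificate, `issuer_cert, issuer_cert_32 = issuer_cert` leaves `issuer_cert_32` nil, so the 32-bit variant falls through `issuer_cert ||= cert` and names itself as issuer while still being signed with `issuer_key`. I would add a comment above the method, for example `# issuer_cert: the [cert, cert_32] pair returned by create_certificates, or nil for a self-signed certificate`. The body of `create_certificate` continues past the end of this hunk.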
@@ -45,32 +49,41 @@ class CertificateBuilder
cert.public_key = key.public_key
- cert.subject =
- OpenSSL::X509::Name.new [%W[CN #{subject}], %w[DC example]]
- cert.issuer =
- OpenSSL::X509::Name.new [%W[CN #{issuer}], %w[DC example]]
+ cert.subject = OpenSSL::X509::Name.new [%W[CN #{subject}], %w[DC example]]
+ cert.issuer = issuer_cert.subject
- ef = OpenSSL::X509::ExtensionFactory.new nil, cert
+ ef = OpenSSL::X509::ExtensionFactory.new issuer_cert, cert
cert.extensions = [
- ef.create_extension('subjectAltName', "email:#{subject}@example")
+ ef.create_extension('subjectAltName', "email:#{subject}@example"),
+ ef.create_extension('subjectKeyIdentifier', 'hash')
]
+ if cert != issuer_cert # not self-signed cert
+ cert.add_extension ef.create_extension('authorityKeyIdentifier', 'keyid:always')
+ end
+
+ if is_ca
+ cert.add_extension ef.create_extension('basicConstraints', 'CA:TRUE', true)
+ cert.add_extension ef.create_extension('keyUsage', 'keyCertSign', true)
+ end
+
cert.sign issuer_key, OpenSSL::Digest::SHA1.new
+ puts "created cert - subject: #{cert.subject}, issuer: #{cert.issuer}"
cert
end
def create_key
puts "creating key"
- OpenSSL::PKey::RSA.new 2048
+ OpenSSL::PKey::RSA.new @key_size
end
def create_keys names
keys = {}
names.each do |name|
- keys[name] = create_key
+ keys[name] = OpenSSL::PKey::RSA.new File.read(File.join "test/rubygems/#{name}_key.pem")
end
keys
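Review bot: The regenerated fixtures are still signed with SHA-1 on the unchanged `cert.sign issuer_key, OpenSSL::Digest::SHA1.new` line. Since every certificate is being recreated for OpenSSL 1.1.0 anyway, `cert.sign issuer_key, OpenSSL::Digest::SHA256.new` would likely avoid another regeneration if stricter security levels reject SHA-1 signatures; any test that pins the signature algorithm would need checking first. In `create_keys`, `File.join` with a single argument does nothing, and the hard-coded `test/rubygems/` prefix duplicates `base_dir`; `File.read("test/rubygems/#{name}_key.pem")` says the same thing. `create_certificate` starts before this hunk and `create_keys` ends after it.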
@@ -108,37 +121,39 @@ keys = cb.create_keys [
keys[:public] = keys[:private].public_key
-certs = {
- alternate:
- cb.create_certificates(keys[:alternate], 'alternate'),
- child:
- cb.create_certificates(keys[:child], 'child',
- keys[:private], 'nobody'),
- expired:
- cb.create_certificates(keys[:private], 'nobody',
- not_before: Time.at(0),
- not_after: Time.at(0)),
- future:
- cb.create_certificates(keys[:private], 'nobody',
- not_before: :end_of_time,
- not_after: :end_of_time),
- grandchild:
- cb.create_certificates(keys[:grandchild], 'grandchild',
- keys[:child], 'child'),
- invalid_issuer:
- cb.create_certificates(keys[:invalid], 'invalid',
- keys[:invalid], 'nobody'),
- invalid_signer:
- cb.create_certificates(keys[:invalid], 'invalid',
- keys[:private], 'invalid'),
- invalidchild:
- cb.create_certificates(keys[:invalidchild], 'invalidchild',
- keys[:invalid], 'child'),
- public:
- cb.create_certificates(keys[:private], 'nobody'),
- wrong_key:
- cb.create_certificates(keys[:alternate], 'nobody'),
-}
+certs = {}
+certs[:public] =
+ cb.create_certificates(keys[:private], 'nobody',
+ is_ca: true)
+certs[:child] =
+ cb.create_certificates(keys[:child], 'child',
+ keys[:private], certs[:public],
+ is_ca: true)
+certs[:alternate] =
+ cb.create_certificates(keys[:alternate], 'alternate')
+certs[:expired] =
+ cb.create_certificates(keys[:private], 'nobody',
+ not_before: Time.at(0),
+ not_after: Time.at(0))
+certs[:future] =
+ cb.create_certificates(keys[:private], 'nobody',
+ not_before: :end_of_time,
+ not_after: :end_of_time)
+certs[:invalid_issuer] =
+ cb.create_certificates(keys[:invalid], 'invalid',
+ keys[:invalid], certs[:public],
+ is_ca: true)
+certs[:grandchild] =
+ cb.create_certificates(keys[:grandchild], 'grandchild',
+ keys[:child], certs[:child])
+certs[:invalid_signer] =
+ cb.create_certificates(keys[:invalid], 'invalid',
+ keys[:private], certs[:invalid])
+certs[:invalidchild] =
+ cb.create_certificates(keys[:invalidchild], 'invalidchild',
+ keys[:invalid], certs[:child])
+certs[:wrong_key] =
+ cb.create_certificates(keys[:alternate], 'nobody')
base_dir = 'test/rubygems'
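Review bot: `certs[:invalid_signer]` passes `certs[:invalid]` as its issuer, but no `:invalid` entry is assigned anywhere in this hunk, so the lookup yields nil. The certificate then silently takes the self-signed fallback in `create_certificate`: its issuer name is its own subject and it gets no authorityKeyIdentifier, while being signed with `keys[:private]`. That appears to reproduce the old 'invalid'/'invalid' fixture, but it should be explicit: pass `nil` with a comment such as `# issuer name is deliberately the subject itself; the signature comes from an unrelated key`. A short comment that these assignments are now order-dependent (`:child`, `:grandchild` and `:invalidchild` read earlier entries) would also help.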
|
|
|
|
|
|
| |
The current CA certificate is created with basicConstraints=CA:FALSE but
it is no longer allowed in OpenSSL 1.1.0. So recreate the CA (and server
certificate).
|
|
|
|
|
|
|
|
|
|
|
| |
The default session timeout for TLSv1 is 7200 and shouldn't be 300. And
this should not be checked because the value is decided by just "the 24
hours mentioned in the TLSv1 spec is way too long for http, the cache
would over fill" (from OpenSSL's source comment).
Old OpenSSL (<= 1.0.2) set ssl_ctx->session_timeout on SSL_CTX_new(),
which we call always with SSLv23_method(), and it isn't updated with
SSL_set_ssl_method().
|
|
|
|
|
| |
SSL_CTX_remove_session() sets not_resumable on the deleted session and
OpenSSL 1.1.0 refuses to resume an SSL_SESSION with not_resumable != 0.
|
| |
|
| |
|
|
|
|
|
| |
Add note to the documentation, and fix tests which rely on
Engine.cleanup. Test cases are now run in separate process.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
And deprecate #tmp_ecdh_callback.
Since SSL_CTX_set_tmp_ecdh_callback() was removed in OpenSSL 1.1.0, we
can't provide SSLContext#tmp_ecdh_callback anymore. Instead, we should
use SSL_CTX_set1_curves_list() to set the curves and
SSL_CTX_set_ecdh_auto() to make OpenSSL select automatically from the
list.
|
|
|
|
|
|
|
|
| |
OpenSSL 1.1.0 introduced "security level" and these methods deal with
it.
This patch includes many test changes: setting the level to 0.
The default security level is 1 and this prohibits aNULL ciphers.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use EVP_PKEY_get0_* instead of pkey->pkey.*
Use EVP_PKEY_base_id(pkey) instead of EVP_PKEY_type(pkey->type)
Because of this, we can no longer set the parameters/keys directly, and
the newly added functions as alternative require setting all relevant
values at the same time. So this patch contains incompatibility: the
following code no longer works (if using 1.1.0):
dh = OpenSSL::PKey::DH.new(...)
dh.priv_key = OpenSSL::BN.new(...)
...and we have to write like:
dh = OpenSSL::PKey::DH.new(...)
priv = OpenSSL::BN.new(...)
pub = <calculate (dh.g ** priv) % dh.p>
dh.set_key(pub, priv)
|
|
|
|
|
|
|
|
|
| |
The last release of OpenSSL 0.9.7 series was over 9 years ago (!) and
even 0.9.8/1.0.0 are no longer supported (EOL was 2015-12-31).
It actually doesn't compile since r40461 (ext/openssl/ossl_bn.c
(ossl_bn_initialize): allow Fixnum and Bignum. [ruby-core:53986]
[Feature #8217], 2013-04-25, 2.1.0) and it looks like nobody noticed it.
|
|
|
|
|
|
|
| |
* ext/stringio/stringio.c (strio_s_new): warn if a block is given,
as well as IO.new.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54792 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
| |
* ruby.c (process_options): convert -e script to the encoding
given by a command line option on Windows. assume it is the
expected encoding. [ruby-dev:49461] [Bug #11900]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54785 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
| |
non-numeric objects.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54739 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* ruby.c: cygwin does not use w32_cmdvector, command line can be
other than UTF-8. [ruby-dev:49519] [Bug #12184]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54720 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
| |
to avoid test failures due to the tzdata change.
https://github.com/eggert/tz/commit/8ee11a301cf173afb0c76e0315b9f9ec8ebb9d95
Found by naruse.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54706 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* eval_jump.c (exec_end_procs_chain): restore previous error info
for each end procs. [ruby-core:75038] [Bug #12302]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54681 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
| |
* ext/cgi/escape/escape.c (cgiesc_unescape): define unescape
method instead of _unescape, and should pass the optional
argument to the super method.
* lib/cgi/util.rb (CGI::Util#_unescape): remove intermediate
method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54655 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* test/lib/test/unit/assertions.rb (assert_syntax_error): return
the rescued exception object as well as assert_raise.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54653 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
| |
backward compatibilities, and it is documented that
Time.parse does not take into account time zone
abbreviations other than ones described in RFC 822
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54647 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* test/logger/test_logdevice.rb: use assert_predicate,
assert_not_predicate, and assert_file instead of bare assert.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54646 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54641 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54639 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* lib/logger.rb: Allow specifying logger parameters such as level,
progname, datetime_format, formatter in constructor [Bug #12224]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54638 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
| |
* compile.c (iseq_peephole_optimize): should not replace the
current target INSN, not to follow the replaced dangling link in
the caller. [ruby-core:74993] [Bug #11816]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54628 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* numeric.c (flo_truncate): add an optional parameter, digits, as
well as Float#round. [Feature #12245]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54625 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* numeric.c (int_truncate): add an optional parameter, digits, as
well as Integer#round. [Feature #12245]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54624 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* test/ruby/test_float.rb: add assertions for round,floor,ceil on
negative floats. [Feature #12245]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54623 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* struct.c (struct_make_members_list, rb_struct_s_def): member
names should be unique. [ruby-core:74971] [Bug #12291]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54612 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
| |
Found by nagachika.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54609 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54606 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
| |
* rational.c (rb_rational_add): rename from nurat_add.
* array.c (rb_ary_sum): use rb_rational_add directly.
* test/ruby/test_array.rb (test_sum): add assertions for an array of
Rational values.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54602 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
| |
* array.c (rb_ary_sum): apply the precision compensated algorithm
for an array in which Rational and Float values are mixed.
* test/ruby/test_array.rb (test_sum): add assertions for the above
change.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54601 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
| |
* thread.c (rb_thread_setname): defer setting native thread name
set in initialize until the native thread is created.
[ruby-core:74963] [Bug #12290]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54600 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
| |
* thread.c (get_initialized_threadptr): extract ensuring that the
thread is initialized.
* thread.c (rb_thread_setname): thread must be initialized to set
the name. [ruby-core:74963] [Bug #12290]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54598 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
| |
Complex numbers.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
| |
* ext/io/console/console.c (console_key_pressed_p): raise the same
exception, "unknown virtual key code", for names with nul chars.
though console_win32_vk() considers the length and can deal with
nul chars, rb_sprintf() raised at PRIsVALUE previously, so quote
it if it is unprintable.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54589 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* test/io/console/test_io_console.rb: move conditions for method
definitions before the bodies.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54588 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54581 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54579 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54577 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Kahan's compensated summation algorithm for precise sum of float
numbers is moved from ary_inject_op in enum.c.
* enum.c (ary_inject_op): Don't specialize for float numbers.
[ruby-core:74569] [Feature#12217] proposed by mrkn.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54565 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* numeric.c (flo_ceil): add an optional parameter, digits, as
well as Float#round. [Feature #12245]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54564 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* numeric.c (flo_floor): add an optional parameter, digits, as
well as Integer#floor. [Feature #12245]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* numeric.c (int_ceil): add an optional parameter, digits, as
well as Integer#round. [Feature #12245]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* numeric.c (int_floor): add an optional parameter, digits, as
well as Integer#round.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54561 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* file.c (Init_File): add alias File.empty? to File.zero?.
[Feature #9969]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54559 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* parse.y (assign_in_cond): allow multiple assignment in
conditional expression. [Feature #10617]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54558 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
| |
instance variables on special const objects.
All of such objects are frozen, so that we can not set instance
variables for them. But we can read instance variables and return
default value (nil).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54556 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|